git.samba.org - metze/samba/wip.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Fri, 17 Aug 2018 09:35:41 +0000 (11:35 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 17 Aug 2018 09:44:31 +0000 (11:44 +0200)
commit	3be8e1f8fe502ee056d505f1c8ad43c262fab07c
tree	d51ab87ceb9ab9b64f8833df69567fe49efd69fe	tree
parent	b831cf95b7a42935b4d164806220e90282a05ab4	commit \| diff

TODO: smb2_server: set req->do_encryption = true earlier

TODO: tests

https://blogs.msdn.microsoft.com/openspecification/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective/

The sender encrypts the message if any of the following conditions is
satisfied:

    If the sender is sending a response to an encrypted request.
    If Session.EncryptData is TRUE and the request or response being
sent is not NEGOTIATE.
    If Session.EncryptData is FALSE, the request or response being sent
is not NEGOTIATE or SESSION_SETUP or TREE_CONNECT, and
<TreeConnect|Share>.EncryptData is TRUE.

[MS-SMB2] 3.3.4.1.4 Encrypting the Message

If Connection.Dialect belongs to the SMB 3.x dialect family and
Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION
bit, the server MUST encrypt the message before sending, if any of the
following conditions are satisfied:

- If the message being sent is any response to a client request for which
   Request.IsEncrypted is TRUE.

- If Session.EncryptData is TRUE and the response being sent is not
   SMB2_NEGOTIATE or SMB2 SESSION_SETUP.

- If Session.EncryptData is FALSE, the response being sent is not
   SMB2_NEGOTIATE or SMB2 SESSION_SETUP or SMB2 TREE_CONNECT, and
   Share.EncryptData for the share associated with the TreeId in the SMB2
   header of the response is TRUE.

The server MUST encrypt the message as specified in section 3.1.4.3,
before sending it to the client.